Can't Ping Sub Interfaces

boostinbadger · May 2012

I'm drawing a blank here. I have a link light and everything else is running fine but I can't ping 10.59.1.4:

interface FastEthernet0/0
no ip address
speed auto
!
interface FastEthernet0/0.59
encapsulation dot1Q 59
ip address 10.59.1.4 255.255.255.224
!
interface FastEthernet0/0.159
encapsulation dot1Q 159
ip address 10.159.1.1 255.255.255.224
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface Vlan1
no ip address
!
interface Vlan59
no ip address
!
ip default-gateway 10.59.1.1
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0.59

It is uplinked off this switch (core) on fa 0/7.:

interface FastEthernet0/1
switchport access vlan 59
switchport mode access
!
interface FastEthernet0/2
switchport access vlan 59
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 59
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 59
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 59
switchport mode access
!
interface FastEthernet0/6
switchport access vlan 59
switchport mode access
!
interface FastEthernet0/7
switchport trunk native vlan 59
switchport trunk allowed vlan 159
switchport mode trunk
mdix auto
!
interface FastEthernet0/8
switchport trunk native vlan 59
switchport trunk pruning vlan 59
switchport mode trunk
!
interface GigabitEthernet0/1
switchport trunk native vlan 59
switchport trunk pruning vlan 59
switchport mode trunk
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan59
ip address 10.59.1.2 255.255.255.224
no ip route-cache
!
interface Vlan159
no ip address
no ip route-cache
shutdown
!
ip default-gateway 10.59.1.1
ip http server

What am I overlooking?

Forsaken_GA · May 2012

what encapsulation is set on your trunks on the switch?

sh int trunk

boostinbadger · May 2012

It is a 2940. It only supports dot1q.

Forsaken_GA · May 2012

You also failed to make 59 the native vlan on the router side, so you have one side tagging 59 and one side not

Forsaken_GA · May 2012

and finally, where does the 10.59.1.1 address exist? It's not defined on either side from the configs you posted, but you're setting it as the default gateway. Fixing the tagging on the router side mistake and putting an IP on vlan159 SVI, I can ping all IP's involved without any issue.

So fix the obvious configuration mistakes, and if your ping still fails, post exactly what it is you're trying to do and where it's failing

boostinbadger · May 2012

Understood. I made the adjustment but still don't have a ping:

!
interface FastEthernet0/0
no ip address
speed auto
!
interface FastEthernet0/0.59
encapsulation dot1Q 59 native
ip address 10.59.1.4 255.255.255.224
!
interface FastEthernet0/0.159
encapsulation dot1Q 159
ip address 10.159.1.1 255.255.255.224
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface Vlan1
no ip address
!
interface Vlan59
no ip address
!
ip default-gateway 10.59.1.1
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0.59

Forsaken_GA · May 2012

What exactly are you trying to do? Ping the interfaces across the trunk on the router? That's not going to work, since both interfaces are local to the router, the packet will never traverse the trunk.

If you're trying to ping the subints from the switch or from some device connected to the switch, then you need to make sure the router has a route back to those sources, so start checking your routing tables. As I mentioned, your default gateway appears to be incorrect (or there's configuration you're not telling us about)

boostinbadger · May 2012

I know I can't ping across the trunk. I am trying to ping the sub interface from the switch and my PC.

I didn't see your earlier post. The default-gateway (10.59.1.1) is the internet router.

Forsaken_GA · May 2012

boostinbadger wrote: »

I know I can't ping across the trunk. I am trying to ping the sub interface from the switch and my PC.

I didn't see your earlier post. The default-gateway (10.59.1.1) is the internet router.

Ok, so lets take this bit by bit -

From the switch, what IP are you sourcing the pings from? Does the switch have routes to the subints? If not, they're going to the internet router. Does the internet router have routes to your subints? Does the router have routes back to the IP the switch is sourcing the ping from?

If the switch does have routes to the subints, does the router have a route back to the IP that the ping is being sourced from?

From your PC, I assume it's following a default route to the internet router, so again, does the internet router have routes to the subints? (It should have one to the vlan59 one obviously, since they're on the same subnet)

After fixing the obvious configuration mistakes, I implemented the configuration you have above, though I am cheating and using a 3560, so I can have SVI's active on both vlans, and I can ping fine.

I suspect when you dig into it, you're going to find that something is missing a route, either on the send, or on the reply. Either that, or your trunk isn't coming up properly.

boostinbadger · May 2012

The IP I am pinging from is 10.59.1.14/27. The 2940 can't route. It is strictly L2. The Internet router is a Linksys E4200v2. Here is the topo:

E4200
|
|
2940 ----1760
|
|
3500

The 2940 is the aggregate switch. The 1760 is going to be a CME router and the 3500 is my access switch which provides inline power to my phones.

The E4200 is 10.59.1.1/27. The 2940 is 10.59.1.2/27. The 1760 is 10.59.1.4/27. The 3500 is 10.59.1.3/27. I can ping all the addresses except the 1760 (10.59.1.4) from my PC which is 10.59.1.14/27.

I shouldn't have to have routes in the E4200 back to the sub interfaces on the 1760, especially not for the 10.59.1.0/27 network. (Correct me if I'm wrong).

Forsaken_GA · May 2012

boostinbadger wrote: »

The IP I am pinging from is 10.59.1.14/27. The 2940 can't route. It is strictly L2. The Internet router is a Linksys E4200v2. Here is the topo:

E4200
|
|
2940 ----1760
|
|
3500

The 2940 is the aggregate switch. The 1760 is going to be a CME router and the 3500 is my access switch which provides inline power to my phones.

The E4200 is 10.59.1.1/27. The 2940 is 10.59.1.2/27. The 1760 is 10.59.1.4/27. The 3500 is 10.59.1.3/27. I can ping all the addresses except the 1760 (10.59.1.4) from my PC which is 10.59.1.14/27.

I shouldn't have to have routes in the E4200 back to the sub interfaces on the 1760, especially not for the 10.59.1.0/27 network. (Correct me if I'm wrong).

Well, it depends on your traffic flow. You should be able to ping anything in 10.59.1.0/27, assuming your layer 2 domain is setup correctly. How is the 3500 connecting to the 2940? I assume it's one of those other trunks up above that has native vlan 59 set? Can you ping 10.59.1.2 from the 1760? If not, then you've got a problem with your trunk, since that should be a direct layer 2 connection.

In order to ping the 10.159.1.0/27 subint, then yes, your E4200 most certainly does need to have a route for it, since it looks like that's where everything is defaulting to. Otherwise, once the traffic hits the E4200, it will either drop the traffic, or, since you've said this is an internet router, it's going to send it down it's default gateway, which appropriately, should be dropping it.

Assuming you can ping the subint on the 10.159.1.0/27 subnet, I'd have the E4200 run RIP with the 1760 so it could get the route, or nail up a static in the E4200 pointing 10.159.1.0/27 to a nexthop of 10.59.1.4

If you can't ping 10.59.1.4 from anything in the same subnet, well start from scratch. Turn the port on the 1760 back into a regular non-trunking port and assign it it's IP. Turn the port the 1760 connects to on the 2940 into access port in vlan59. Then see if you can ping 10.59.1.4. If you can, good, means your ports aren't bad, your cable isn't bad. Then convert it back into a trunk and only bring up the fa0/0.59 interface and make sure you can still ping. If not, you've isolated your problem. If so, then bring up the fa0/0.159 subint, at which point you'll need to figure out the routing, unless I'm drastically misunderstanding something.

Forsaken_GA · May 2012

Now, no matter what you do, you're going to have some nasty traffic flow patterns. That link up to the E4200 has potential for some serious saturation, since virtually all traffic has to traverse it. What I would sincerely recommend is to replace the 2940 with something that can route, and let it handle your core connectivity, and just let the E4200 be a border router. Since it looks like you're actually trying to do this for a business application rather than study, there's no excuse to do it like this, given how cheap 3550's have gotten. Go have a talk with your boss and convince him to spend the ~$100 now rather than run into problems later.

boostinbadger · May 2012

Thanks! I will work on it this evening.

And...uh...it is for my house

Do you think I will still have a saturation problem with a gig uplink between the E4200 and the 2940?

Forsaken_GA · May 2012

boostinbadger wrote: »

Thanks! I will work on it this evening.

And...uh...it is for my house

Do you think I will still have a saturation problem with a gig uplink between the E4200 and the 2940?

Oh, if it's for your home, then probably not, though I seriously doubt the E4200 actually has the capacity to run at 1 gig.

My recommendation on tossing the 2940 for a 3550 still stands, however. Life is immensely easier when your common point of connection for all devices can route.

boostinbadger · May 2012

Thanks for all of your input so far Forsaken. I had some time to mull this over on my drive to work. What if I took the 2940 out completely and put in a WIC-4ESW into the 1760 like this:

E4200
|
1760
|
3500

That would simplify the topology and would be a better design I believe. Do you agree? I could then RIP between the two routers.

Forsaken_GA · May 2012

boostinbadger wrote: »

Thanks for all of your input so far Forsaken. I had some time to mull this over on my drive to work. What if I took the 2940 out completely and put in a WIC-4ESW into the 1760 like this:

I'm not a fan of the 4ESW's. Missing far too many features for me to be comfortable with them replacing a full switch. I'm also not a huge fan of *any* router with a single ethernet port, either.

You could do that if that's all you have to work with, but I'm always going to lean towards the practical example. And trust me, back when gear was expensive and I could barely afford it, I did some crazy ROAS setups to make crap work as well.

The second I could afford a layer 3 switch though, I did. It solved so many routing problems, it wasn't even funny.

As I think about it, in your case, it may not actually help anything though. I'm not a voice guy, but I'm assuming the 2 vlans are for voice and data? And that you need the 1760 to have connectivity on both vlans one for voice traffic, the other for management? If so, you're going to need the trunk no matter what. What I'd honestly prefer is another layer 3 port on the router.

boostinbadger · May 2012

Now you see my dilemma

High prices = crazy ROAS.

You are right. The two vlans are for voice and data.

Another thought...I do have a 3600 in my lab rack with two fa's on it, maybe three (can't remember).

Can't Ping Sub Interfaces

Comments